IN THE CLAIMS : 

Please CANCEL claims 9 and 13 without prejudice or disclaimer. 
Please AMEND claims 1, 7, 10, 14, and 16-18 as follows. 
Please ADD claims 21-26 as follows. 

1 . (Currently Amended) A system, comprising: 
an application device; 
a service device; 

a communication network configured to connect said application device to said 
service device; 

an internet protocol security service unit configured to provide one or more 
internet protocol security services comprising at least one of authentication services 
and encryption services, said internet protocol security service unit deployed in said 
service device; 

at least one management client configured to issue security association 
management requests to create and manage, with a session key management protocol, 
security associations for use by said provided internet protocol security services, said at 
least one management client deployed in said application device; and 

a management server configured to receive said security association management 
requests issued from said at least one management client and to respond, in connection 
with said internet protocol security service unit , to said security association management 
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requests received at said management server, said management server deployed in said 
service device. 

2. (Previously Presented) The system according to claim 1, wherein said 
application device further comprises an interface configured to provide communication 
between said at least one management client associated with said application device and 
said management server. 

3. (Previously Presented) The system according to claim 1, wherein said 
security association management requests comprise at least one of adding requests 
configured to add security associations, deleting requests configured to delete security 
associations, and querying requests configured to query about security associations. 

4. (Previously Presented) The system according to claim 2, wherein said 
interface is further configured to use sockets for communication with said management 
server. 

5. (Previously Presented) The system according to claim 2, wherein said 
interface comprises data structures used in communication between said management 
client and said management server. 
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6. (Previously Presented) The system according to claim 2, wherein said 
interface is implemented as a software library linked dynamically or statistically into a 
corresponding management client. 

7. (Currently Amended) The system according to claim 1, wherein said 
internet protocol security service unit and said management server are configured to use a 
local communication channel for communications between said internet protocol security 
service unit and said management server. 

8. (Previously Presented) The system according to claim 1, wherein at least 
one application device comprises two or more management clients, and wherein at least 
two of said management clients are configured to use different session key management 
protocols. 

9. (Cancelled) 

10. (Currently Amended) A method, comprising: 

providing one or more internet protocol security services comprising at least one 
of authentication services and encryption services from an internet protocol security 
service unit , said internet protocol security service unit being deployed in a service 
device; 
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issuing security association management requests to create and manage, with a 
session key management protocol, security associations for use by said provided internet 
protocol security services, from at least one management client, said at least one 
management client being deployed in an application device; 

receiving in a management server said security association management requests 
issued from said at least one management client; and 

responding, in connection with an -said internet protocol security service unit to 
said security association management requests received at said management server, said 
management server being deployed in said service device, 

wherein said application device is connected to said service device by a 
communication network. 

11. (Previously Presented) The method according to claim 10, wherein said 
issuing comprises communicating at least one of said security association management 
requests issued from said application device and corresponding responses via an interface 
associated with said application device. 

12. (Previously Presented) The method according to claim 10, wherein said 
issuing comprises issuing said security association management requests comprising at 
least one of adding requests for adding security associations, deleting requests for 
deleting security, and querying requests for querying about security associations. 
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13. (Cancelled) 

14. (Currently Amended) An apparatus, comprising: 

at least one management client configured to issue security association 
management requests to create and manage, with a session key management protocol, 
security associations for use by an -one or more internet protocol security services 
comprisin g at least one of authentication services and encryption services provided bv an 
internet protocol security service unit external to said apparatus : and 

an interface configured to communicate said issued security association 
management requests to a management server external to said apparatus, said 
management server configured to respond to said security association management 
requests in connection with an — said internet protocol security service unit.s efveF 
configured to provid e one or more internet protocol security services comprising at least 
one of auth e ntication s e rvic e s and e ncryption s e rvices. 

15. (Previously Presented) The apparatus according to claim 14, wherein said 
security association management requests comprise at least one of adding requests 
configured to add security associations, deleting requests configured to delete security 
associations, and querying requests configured to query about security associations. 
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16. (Currently Amended) An apparatus, comprising: 

an internet protocol security sefve ^service unit configured to provide one or more 
internet protocol security services comprising at least one of authentication services and 
encryption services; and 

a management server configured to receive security association management 
requests issued from at least one management client external to said apparatus and to 
respond, in connection with said internet protocol security sefve fservice unit , to said 
received security association management requests. 

17. (Currently Amended) The apparatus according to claim 16, wherein said 
internet protocol security sefver -service unit is configured to use a local communication 
channel for communications between said internet protocol security sefvef -service unit 
and said management server. 

1 8. (Currently Amended) A method, comprising: 

issuin g, from at least one management client deployed in an application device. 
security association management requests to create and manage, with a session key 
management protocol, security associations for use by one or more internet protocol 
security services comprising at least one of authentication services and encryption 
services provided bv an internet protocol security service unit external to said application 
devic e, from at loaat ono management client deployed in an application device ; and 
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communicating at least one of said issued security association management 
requests to a management server external to said application device , wherein said 
manageme nt server is configured to respond to said security association management 
requests i n connection with said internet protocol security service unit . 

19. (Previously Presented) The method according to claim 18, wherein said 
communicating comprises communicating at least one of said security association 
management requests issued from said application device and corresponding responses via 
an interface associated with said application device. 

20. (Previously Presented) The method according to claim 18, wherein said 
issuing comprises issuing said security association management requests comprising at 
least one of adding requests for adding security associations, deleting requests for 
deleting security, and querying requests for querying about security associations. 

21. (New) A method, comprising: 

providing one or more internet protocol security services comprising at least one 
of authentication services and encryption services from an internet protocol security 
service unit, wherein said internet protocol security service unit is deployed in a service 
device; and 
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receiving security association management requests issued from at least one 
management client external to said service device and responding, in connection with 
said providing the one or more internet protocol security services, to said received 
security association management requests. 

22. (New) A computer readable storage medium encoded with instructions 
that, when executed by a computer, perform a process, the process comprising: 

providing one or more internet protocol security services comprising at least one 
of authentication services and encryption services from an internet protocol security 
service unit, said internet protocol security service unit being deployed in a service 
device; 

issuing security association management requests to create and manage, with a 
session key management protocol, security associations for use by said provided internet 
protocol security services, from at least one management client, said at least one 
management client being deployed in an application device; 

receiving in a management server said security association management requests 
issued from said at least one management client; and 

responding, in connection with said internet protocol security service unit, to said 
security association management requests received at said management server, said 
management server being deployed in said service device, 
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wherein said application device is connected to said service device by a 
communication network. 

23. (New) A computer readable storage medium encoded with instructions 
that, when executed by a computer, perform a process, the process comprising: 

issuing, from at least one management client deployed in an application device, 
security association management requests to create and manage, with a session key 
management protocol, security associations for use by one or more internet protocol 
security services comprising at least one of authentication services and encryption 
services provided by an internet protocol security service unit external to said application 
device; and 

communicating at least one of said issued security association management 
requests to a management server external to said application device, said management 
server configured to respond to said security association management requests in 
connection with said internet protocol security service unit. 

24. (New) A computer readable storage medium encoded with instructions 
that, when executed by a computer, perform a process, the process comprising: 

providing one or more internet protocol security services comprising at least one 
of authentication services and encryption services from an internet protocol security 
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service unit, said internet protocol security service unit being deployed in a service 
device; and 

receiving security association management requests issued from at least one 
management client external to said service device and responding, in connection with 
said providing the one or more internet protocol security services, to said received 
security association management requests. 

25. (New) An apparatus, comprising: 

managing means for issuing security association management requests to create 
and manage, with a session key management protocol, security associations for use by 
one or more internet protocol security services comprising at least one of authentication 
services and encryption services provided by an internet protocol security service means 
external to said apparatus; and 

communicating means for communicating said issued security association 
management requests to a management server external to said apparatus, said 
management server configured to respond to said security association management 
requests in connection with said internet protocol security service means. 

26. (New) An apparatus, comprising: 
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internet protocol security service means for providing one or more internet 
protocol security services comprising at least one of authentication services and 
encryption services; and 

receiving means for receiving security association management requests issued 
from at least one management client external to said apparatus and for responding, in 
connection with said internet protocol security service means, to said received security 
association management requests. 
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